I mean a default firewall setup can never bring in 100% security as there are a lot of different environments… you need to get knowledge on how the firewall can protect you in different scenarios, we only provide the tool with the default shipped setup that comes with the package… we do not go to ship network disabled and firewall in panic mode
Sure, this is just a heads up, don’t feel safe just because you have a firewall kind of thing…


@fbodymechanic
Just to get you going with firewalld (I’ve been using it like almost forever… slight exaggeration)
Dynamic Firewall (Firewalld)
To enable the dynamic firewall, you will need to disable the traditional firewall and install the new dynamic firewalld. The main difference between the two is firewalld is smarter in the sense it does not have to be stopped and restarted each time a policy decision is changed, unlike the traditional firewall.
Disable the traditional firewall.
Disable Iptables
# systemctl stop iptables.service
# systemctl stop ip6tables.service
Remove iptables entirely from system (if installed):
# systemctl disable iptables.service
rm '/etc/systemd/system/basic.target.wants/iptables.service'
# systemctl disable ip6tables.service
rm '/etc/systemd/system/basic.target.wants/ip6tables.service'
Enable and then start Firewalld:
# systemctl enable firewalld.service
# systemctl start firewalld.service
Again for the old men like me: is it enough to just install firewalld, or is there something else that needs to go along with it (python-pyqt5, python-capng) as seen on Joe’s installation screenshot?

I still have 2 computers to look after, where I fear that this could still be demanded there afterwards.
Those are optional dependencies.
And what exactly are they for?
Optional Deps : bash-completion: bash completion
gtk3: firewall-config
libnotify: firewall-applet
nm-connection-editor: firewalld-applet
python-capng: drop daemon capabilities
python-pyqt5: firewall-applet
thx @dalto
firewalld public profile allows the system to be visible but no incoming traffic allowed.
This is a safe and sound default.
To make your system invisible you run the following command
sudo firewall-cmd --set-default-zone=drop
If you’d like access using the system tray - install the package python-pyqt5
What is meant by Activate Shields in the Applet? I think the FW runs out of the box in public mode and is already active.
Switch between two zones quickly. Example Public (when not selected) → Block zone (when selected).
You can configure/select the zones yourself.
thx @EOS
Not sure about this Apollo ISO, I just keep it up to date. I did follow the instructions and the GUI times out. I installed and stopped the services of ufw first. I even rebooted and installed, enabled and started firewalld, but still GUI won’t start.
I like firewalld because it is much more configurable, but I returned to ufw while I try to understand why following the firewalld docs exactly it is timing out. Should I open a new thread?
Try launching the gui from a terminal and see if you are getting errors in there.
What I did.
Stopped ufw & uninstalled it.
Installed iptables-nft to replace iptables
Installed firewalld and rebooted.
Gui tray icon appeared and everything seems good.
I'm having a little issue
I've done ‘sudo firewall-cmd --set-default-zone=drop’ AND ‘sudo firewall-cmd --zone=drop --change-interface=enp5s0 --permanent’ (that is the correct interface, also confirmed by the tray applet)
and also confirmed in the GUI that it's set to ‘drop’
but plasma-firewall (component in the Plasma control center or what it's called) shows the rule is set to ‘allow’ for both incoming and outgoing.
Is that a bug in plasma-firewall? Surely incoming should say blocked?
It worked!
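
A way to check the zone settings discussed in this thread from firewalld itself rather than from a GUI, as an added example that is not from any poster or from the firewalld project: it parses `firewall-cmd --get-active-zones` output and compares the runtime and permanent zone of an interface. The function names are hypothetical and the sample output is constructed (only `enp5s0` comes from the thread).

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the zone that holds interface $1, reading text in the format of
# `firewall-cmd --get-active-zones` on stdin. Exit status 1 if not listed.
zone_of_iface() {
    awk -v want="$1" '
        /^[^ \t]/ { zone = $1; next }      # unindented line starts a zone block
        $1 == "interfaces:" {
            for (i = 2; i <= NF; i++)
                if ($i == want) { print zone; found = 1; exit }
        }
        END { exit !found }
    '
}

# Compare the expected zone ($1) with the runtime ($2) and permanent ($3)
# zone of an interface and print a one-word verdict.
classify() {
    if [ "$2" = "$1" ] && [ "$3" = "$1" ]; then echo ok
    elif [ "$3" = "$1" ]; then echo permanent-only   # saved, not active in the running firewall
    elif [ "$2" = "$1" ]; then echo runtime-only     # active, no saved binding for this interface
    else echo mismatch
    fi
}

# Query the running firewalld. Usage: live_check enp5s0 drop
live_check() {
    runtime=$(firewall-cmd --get-active-zones | zone_of_iface "$1") || runtime=none
    permanent=$(firewall-cmd --permanent --get-zone-of-interface="$1" 2>/dev/null) || permanent=none
    verdict=$(classify "$2" "$runtime" "$permanent")
    echo "$1: runtime=$runtime permanent=$permanent -> $verdict"
    [ "$verdict" = ok ]
}

# Constructed sample of --get-active-zones output (virbr0 and wlan0 are made up).
SAMPLE='drop
  interfaces: enp5s0
public
  interfaces: virbr0 wlan0'

echo "enp5s0 is in zone: $(printf '%s\n' "$SAMPLE" | zone_of_iface enp5s0)"
echo "verdict: $(classify drop public drop)"
```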